Claim Rejections - 35 USC § 103

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1-57 are rejected under 35 U.S.C. 103(a) as being unpatentable over Cox 
(U.S. Patent No. 6,738,814 hereinafter Cox) in view of (U.S. Patent No. 6,654,373 
hereinafter Maher). 

In considering claims 1-2, 4-5, 19-20, 22-23, 38-39 and 41-42, the combined 
system of Cox and Maher discloses a method for securing an accessible computer system, 
the method comprising: 

receiving a data packet that includes a payload portion and an attribute portion 
and is communicated between at least one access requestor and at least one access 
provider (See Fig. 2), monitoring the data packet received for at least one predetermined
pattern (col. 3, lines 32-29); and

controlling access by the access requestor to the access provider when the packet 
is determined to include at least one predetermined pattern (col. 3, lines 41-54). 

While Cox discloses analyzing the incoming packet against known patterns, Cox 
does not specifically disclose that the monitoring includes scanning at least the payload 
portion of the data packet for at least one predetermined pattern. Nonetheless, scanning 
the packet's payload and matching it against known patterns or strings is well known as 
evidenced by Maher. In similar art, Maher discloses a payload analyzer that scans the
contents of a data packet's payload and attempts to match the payload contents against a
database of known strings (col 2, lines 64-66).

According to Maher, the ability to look beyond the header information, while still
in the fast-path, and into the packet contents would allow a network device to identify the
nature of the information carried in the packet, thereby allowing much more detailed 
packet classification. The knowledge of the content would also allow specific contents to 
be identified and scanned to provide security such as virus detection, denial of service 
prevention, etc. It would have been obvious for a person having ordinary skill in the art, 
to modify the system as taught by Cox to include the step of scanning the entire packet 
including the payload in order to maintain an awareness of content over an entire traffic 
flow, and identify and filter out security problems such as email worms, viruses, denial of 
service attacks, and illegal hacking. 

In considering claims 3, 22, and 41, the combined system of Cox and Maher 
discloses that: 

monitoring the data packet includes scanning the payload portion while handling 
the data packet with a switch (See Maher, col. 11, lines 3-17). 

In considering claims 6, 25, and 44, the combined system of Cox and Maher 
discloses that at least one data packet is distinguished based on an Internet address 
associated with the packet (See Cox, col. 3, lines 55-60). 

In considering claims 7, 26, and 45, the combined system of Cox and Maher 
discloses that receiving the data packet includes receiving more than one data packet; and 
monitoring the data packet includes monitoring all of the data packets received (See
Maher col. 7, lines 10-19). 

In considering claims 8, 27, and 46, the combined system of Cox and Maher 
discloses that the access requestor is a client (Fig. 1 (16, attacker)), and the access
provider is a host (Fig. 1 (12, corporate private network)).

In considering claims 9-10, 28-29, and 47-48, the combined system of Cox and 
Maher discloses that the data packet is monitored when communicated from the client to 
the host or from host to the client (See Maher col. 3, lines 39-45). 

In considering claims 11, 30, and 49, the combined system of Cox and Maher
discloses that the predetermined pattern includes a login failure message communicated 
from the host to the client (See Maher col. 7, lines 15-17). 

In considering claims 12-14, 31-33, and 50-53, although the combined system of 
Cox and Maher discloses the system substantially as claimed, it does not specifically 
disclose that the data packet includes a token-based protocol packet, a TCP packet or a 
PPP packet. Examiner takes official notice that the aforementioned packets are well 
known packets of well-known Internet protocols such as TCP and PPP. A person having 
ordinary skill in the art would have readily recognized the uses and advantages of 
including different types of protocols and their respective packets in order to comply with 
multiple standards thus making the system more extensible. Therefore the claimed 
limitation would have been an obvious modification. 

In considering claims 15, 34, and 53, the combined system of Cox and Maher 
discloses that controlling access includes denying access by the access requestor to the 
access provider (See Cox, col 4, lines 30-33). 

In considering claims 16, 35, and 54, the combined system of Cox and Maher
discloses that controlling access includes affecting bandwidth for communications 
between the access requestor and the access provider (See Maher col. 7, lines 56-67 
through col. 8, lines 1-6). 

In considering claims 17, 36, and 55, the combined system of Cox and Maher 
discloses that controlling access includes rerouting the access requestor (See Maher col. 
3, lines 25-38). 

In considering claims 18-19, 37-38, 56-57, the combined system of Cox and 
Maher discloses that receiving the data packet includes receiving more than one data 
packet; and controlling access by an access requestor to the access provider when a 
number of payload portions that include the predetermined pattern exceed a configurable 
threshold number during a configurable period of time (See Cox, col. 3, lines 11-29 and
col. 4, lines 16-40). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kimberly D Flynn whose telephone number is
571-272-3954. The examiner can normally be reached on M-F 8:30 - 5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Glen Burgess can be reached on 703-305-4792. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 